An Introduction To DKIM


DKIM stands for DomainKeys Identified Mail. It associates a domain with an email message to help prove the authenticity of the message. DKIM is the successor of DomainKeys, which was developed by Yahoo!; DomainKeys was deprecated in 2007, but some providers still use it. DKIM was created by an informal group and was submitted to the IETF for further development and standardization. DKIM uses public-key cryptography for signing.

How It Works

The sender (or the signer, which is not always the same party: GMail/Sendmail, for example, signs its users' messages, not the users themselves) adds a mail header field, DKIM-Signature:. The receiver (not necessarily the recipient; it may be the ESP/MTA, such as GMail or Yahoo!) retrieves the signer's public key from the signer's DNS records, at a location computed from details provided in the DKIM-Signature: header field, and uses that key to verify the contents of the message and its integrity.

A DKIM-Signature: header field contains many name-value pairs, known as tags. Tag names are short, at most one or two letters. The b tag contains the digital signature of the mail contents (body and headers). The bh tag is the body hash, i.e. a fingerprint of the body, which can be used to detect tampering. The s tag is the selector, which is needed when fetching the public key from the DNS record, and the d tag is the signing domain. These are the most important tags; other tags give the DKIM version, the cryptographic algorithm being used, and so on.
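The receiver-side steps described above can be sketched as follows. This is an added example, not code from the original article: it parses the tags, derives the DNS name of the key record from s and d, and recomputes bh to detect a changed body. The lookup name format and the handling of the a, c and l tags follow RFC 6376, which the article does not spell out; the sample message, example.com and mail2024 are constructed, b is a placeholder, and the signature check against the public key is not performed.

```python
import base64
import hashlib
import re

def parse_dkim_tags(value):
    """Split a DKIM-Signature header value into a {tag: value} dict."""
    value = re.sub(r"\r?\n(?=[ \t])", "", value)   # unfold continuation lines
    tags = {}
    for part in value.split(";"):
        name, sep, val = part.partition("=")
        name = name.strip()
        if sep:  # base64 tags may carry folding whitespace; others are trimmed
            tags[name] = re.sub(r"\s+", "", val) if name in ("b", "bh") else val.strip()
    return tags

def key_record_name(tags):
    """DNS name of the TXT record that holds the signer's public key."""
    return "{}._domainkey.{}".format(tags["s"], tags["d"])

def canonical_body(body, mode):
    """Apply 'simple' or 'relaxed' body canonicalization to CRLF-delimited bytes."""
    lines = body.split(b"\r\n")
    if mode == "relaxed":  # collapse whitespace runs, drop trailing whitespace
        lines = [re.sub(rb"[ \t]+", b" ", ln).rstrip(b" ") for ln in lines]
    while lines and lines[-1] == b"":  # trailing empty lines are ignored
        lines.pop()
    canon = b"".join(ln + b"\r\n" for ln in lines)
    return canon or (b"\r\n" if mode == "simple" else b"")

def body_hash(body, mode="simple", length=None):
    """Base64 SHA-256 of the canonicalized body, as carried in the bh tag."""
    canon = canonical_body(body, mode)[:length]  # length=None keeps everything
    return base64.b64encode(hashlib.sha256(canon).digest()).decode()

def body_is_intact(body, tags):
    """Recompute the body hash as the tags prescribe and compare it with bh."""
    if not tags.get("a", "").endswith("-sha256"):
        raise ValueError("this sketch only handles SHA-256 signatures")
    mode = (tags.get("c", "simple/simple").split("/") + ["simple"])[1]
    length = int(tags["l"]) if "l" in tags else None
    return body_hash(body, mode, length) == tags["bh"]

# Constructed sample, not a real message: bh is computed here the way a signer
# would compute it, and b is a placeholder because no private key is involved.
SAMPLE_BODY = b"Hello,\r\n\r\nInvoice attached.\r\n\r\n"
SAMPLE_HEADER = ("v=1; a=rsa-sha256; c=relaxed/relaxed; d=example.com; s=mail2024;\r\n"
                 "\th=from:to:subject; bh=" + body_hash(SAMPLE_BODY, "relaxed") + ";\r\n"
                 "\tb=PLACEHOLDER")
```

A matching bh only shows that the body is unchanged; the message is authenticated only once the b signature has also been verified with the key published at the derived DNS name.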

Personal Use

If you are aware of any other hosting/email provider that has DKIM support like Google Apps, please do post in the comments; it might help someone setting up DKIM for personal/SOHO use.

Signing Email via Custom Scripts

You may also sign your email with DKIM yourself and forward it to your MTA (in case it does not support DKIM integration, or you do not have the privilege to set it up). For that purpose, all popular scripting and programming languages have free libraries that will help you accomplish the task. We'll cover this topic another day.